From 3021e25d950cc3eb176cf5cb3c3485746ebad6ec Mon Sep 17 00:00:00 2001
From: Charlie Tonneslan
Date: Wed, 18 Mar 2026 11:29:16 -0400
Subject: [PATCH] fix(filesystem): use normalizePath in path validation for UNC path support

isPathWithinAllowedDirectories used path.resolve(path.normalize()) directly, which can mangle UNC paths (\\server\share) by stripping the leading double backslash. The rest of the codebase uses normalizePath() which preserves UNC prefixes. Now uses normalizePath() for both the input path and allowed directory normalization, ensuring consistent handling of UNC paths in the subdirectory prefix check.
Fixes #3527
---
 src/filesystem/path-validation.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/filesystem/path-validation.ts b/src/filesystem/path-validation.ts
index 972e9c49d0..8af8e62f90 100644
--- a/src/filesystem/path-validation.ts
+++ b/src/filesystem/path-validation.ts
@@ -1,4 +1,5 @@
 import path from 'path';
+import { normalizePath } from './path-utils.js';
 /**
 * Checks if an absolute path is within any of the allowed directories.
@@ -27,7 +28,7 @@ export function isPathWithinAllowedDirectories(absolutePath: string, allowedDire
 // Normalize the input path
 let normalizedPath: string;
 try {
- normalizedPath = path.resolve(path.normalize(absolutePath));
+ normalizedPath = normalizePath(path.resolve(path.normalize(absolutePath)));
 } catch {
 return false;
 }
@@ -51,7 +52,7 @@ export function isPathWithinAllowedDirectories(absolutePath: string, allowedDire
 // Normalize the allowed directory
 let normalizedDir: string;
 try {
- normalizedDir = path.resolve(path.normalize(dir));
+ normalizedDir = normalizePath(path.resolve(path.normalize(dir)));
 } catch {
 return false;
 }
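Review bot: In the second hunk, `normalizePath(...)` is wrapped around `path.resolve(path.normalize(absolutePath))`, so the call the commit message blames for stripping the leading `\\` still runs first and `normalizePath` only sees its output; the third hunk has the same shape for `dir`. Unless `normalizePath` (imported from `./path-utils.js`, not visible here) can rebuild the prefix, the UNC case may be unchanged, so the fix needs a regression test alongside it: a UNC allowed directory with one path inside it and one sibling share outside it, asserting `true` and `false` respectively. The diffstat shows only this one file changed. Because this function is the allowed-directory boundary check, I would also add a comment above each assignment such as `// Path and allowed dirs must go through the identical normalization; a mismatch makes the prefix check compare unlike strings.` The function body starts and ends outside both hunks.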